The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of these safeguards, it has emerged. "Attackers can utilize their own Cloudflare accounts to abuse the per-design trust-relationship between Cloudflare and the customers' websites, rendering the protection mechanism ineffective," Certitude researcher Stefan Proksch  said  in a report published last week. The problem, per the Austrian consulting firm, is the result of shared infrastructure available to all tenants within Cloudflare, regardless of whether they are legitimate or otherwise, thereby making it easy for malicious actors to abuse the implicit trust associated with the service and defeat the guardrails. The first issue stems from opting for a shared Cloudflare certificate to authenticate HTTP(S) requests between the service's reverse proxies and the customer's o...

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as  CVE-2023-4211 , the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0 Valhall GPU Kernel Driver: All versions from r19p0 - r42p0 Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 - r42p0 "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," Arm  said  in a Monday advisory. "There is evidence that this vulnerability may be under limited, targeted exploitation." The issue, credited to Maddie Stone of Google's Threat Analysis Group (TAG) and Jann Horn of Google Project Zero, has been addressed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r43p0. Google, in its own monthly  Androi...

Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive target for cybercriminals and a significant cybersecurity risk across various industries. This article dives into the world of APIs, exploring why they pose substantial cybersecurity challenges and providing real-world examples of API breaches across different sectors. Download  API Security Guide . The API Revolution The proliferation of cloud computing, mobile apps, and the Internet of Things (IoT) has accelerated the adoption of APIs. They serve as the building blocks of modern software applications, enabling developers to integrate third-party services, enhance functionalities, and c...

LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality, Manufacturing, and Telecoms. LUCR-3 does not rely heavily on malware or even scripts; instead, LUCR-3 expertly uses victims' own tools, applications, and resources to achieve their goals. At a high level, Initial Access is gained through compromising existing identities in the IDP (Okta: Identity Cloud, Azure AD / Entra, Ping Identity: PingOne). LUCR-3 uses SaaS applications such as document portals, ticketing systems, and chat applications to learn how the victim organization operates and how to access sensitive information. Using the data they gained from reconnaissance within the SaaS ...

A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name  Silent Skimmer , attributing it to an actor who is knowledgeable in the Chinese language. Prominent victims include online businesses and point-of-sale (PoS) service providers. "The campaign operators exploit vulnerabilities in web applications, particularly those hosted on Internet Information Services (IIS)," the Canadian cybersecurity firm  said . "Their primary objective is to compromise the payment checkout page, and swipe visitors' sensitive payment data." A successful initial foothold is followed by the threat actors leveraging multiple open-source tools and living-off-the-land (LotL) techniques for privilege escalation, post-exploitation, and code execution. The attack chain leads to the deploy...

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as  CVE-2023-37476  (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine is designed to only run locally on a user's machine, an attacker can trick a user into importing a malicious project file," Sonar security researcher Stefan Schiller  said  in a report published last week. "Once this file is imported, the attacker can execute arbitrary code on the user's machine." Software prone to  Zip Slip vulnerabilities  can pave the way for code execution by taking advantage of a directory traversal bug that an attacker can exploit to gain access to parts of the file system that should be out of reach otherwise. The attack is built on t...